Archiving Job Fails With: "Failed to provision a proxy appliance : Unable to connect by SSH to Appliance."

KB ID: 4320
Product: Veeam Backup & Replication | 11
Published: 2022-06-14
Last Modified: 2022-06-14
Get weekly article updates
By subscribing, you are agreeing to have your personal information managed in accordance with the terms of Veeam's Privacy Notice.

Cheers for trusting us with the spot in your mailbox!

Now you’re less likely to miss what’s been brewing in our knowledge base with this weekly digest

error icon

Oops! Something went wrong.

Please try again later.

Challenge

An Archiving Job for a Scale-Out Backup Repository fails with the error:
Failed to provision a proxy appliance: Unable to connect by SSH to Appliance.
Failed to provision a proxy appliance: Unable to connect by SSH to Appliance.
Log Example
[dd.mm.yyyy hh:mm:ss] <tid> Warning Failed to provision a proxy appliance: Unable to connect by SSH to appliance.
[dd.mm.yyyy hh:mm:ss] <tid> Error Failed to login to host: '<appliance_ip>', port: 22, elevation to root: 'yes', autoSudo: no, use su if sudo fails: no, host name: , IPs: [<appliance_ip>], AuthenticationData: [UserName: ubuntu, AuthTypes: [KeyboardInteractive, Password]]. Unable to establish connection to host <appliance_ip> on any IP address. (System.Exception)

Cause

This issue most commonly occurs when the Firewall or Security groups in AWS/Azure have blocked port 22.

This issue may also occur if an outbound Firewall rule for the environment has blocked port 22.

Solution

Check Firewall Configuration

Review the Used Ports: Archive Object Storage Repository section of the Veeam Backup & Replication User Guide. Confirm that necessary Firewall and Security Group settings have been configured to ensure communication.

 

Isolation Test Guide

This section provides a step-by-step guide on performing isolation testing to determine if the Port 22 of the Archive Proxy Appliance can be reached.

Note: This process will start all offload/archiving jobs. The offload is started because the appliance is non-persistent and only exists during the archive tier task. Please take this into account and run this after production hours if needed. The IP of the Archive Proxy Appliance is assigned from the Archive Tier Properties under Subnet Settings.

  1. Assign a specific Windows server as the Gateway Server for the Archive Tier's Object Storage Repository.
    This is done so you know which server to perform the isolation test from in the later steps.
    1. Edit the Object Storage Repository assigned as the Archive Tier for the Scale-Out Backup Repository.
    2. Select the Account Tab ( S3 Glacier | Azure Archive ).
    3. On the Account tab, enable "Use the following gateway server:"
    4. Assign a Windows server that can connect to the Cloud Storage. 
      The server you select as the Gateway Server is the one from which you will run the test in Step #.
  2. Force the Tiering Job to start.
    This is done because the Archive Tiering Appliance is non-persistent and only exists when an Archiving Task occurs.
    1. Hold the Ctrl key on the keyboard and right-click on the Scale-Out Backup Repository.
    2. In the context menu, select "Run tiering job now"
Run tiering job
  1. Identify the IP address of the Archiving Job's Proxy Appliance(s).
AWS Instance List
For AWS EC2, when the Archive Tier task starts, you will find the IP of the Proxy Appliance here.
Azure Virtual Machines list
For Azure, when the Archive Tier task starts, you will find the IP of the Proxy Appliance here.
  1. Connect to the Gateway Server you assigned in Step# 1 and perform the Isolation Test.
    This will isolate whether the communication issue is a problem within Veeam Backup & Replication or the environment itself.
    1. Connect the Gateway Server
    2. Open an Administrative PowerShell WindowTip:
      1. Right-Click the Start button
      2. Tap the "a" key
      3. Tap the left arrow key
      4. Hit the spacebar
    3. Run the following command:
      Replacing <app_IP> with the Proxy Appliance's Public IP
Test-NetConnection -ComputerName "<app_ip>" -Port 22

Reviewing Results

Send Article Feedback
To report a typo on this page, highlight the typo with your mouse and press CTRL + Enter.

Spelling error in text

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Thank you!

Thank you!

Your feedback has been received and will be reviewed.

Oops! Something went wrong.

Please try again later.

KB Feedback/Suggestion

This form is only for KB Feedback/Suggestions, if you need help with the software open a support case

By submitting, you are agreeing to have your personal information managed in accordance with the terms of Veeam's Privacy Notice.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Verify your email to continue your product download
We've sent a verification code to:
  • Incorrect verification code. Please try again.
An email with a verification code was just sent to
Didn't receive the code? Click to resend in sec
Didn't receive the code? Click to resend
Thank you!

Thank you!

Your feedback has been received and will be reviewed.

error icon

Oops! Something went wrong.

Please try again later.